General

  • Target: 77e9a959e4b4a5de2035935ed13d17815f99be07bfbcf835e0483a6ad9509337
  • Size: 99KB
  • Sample: 220919-wj669sbde9
  • MD5: fe4dd160fefcdafc4eb611fd9136e0bf
  • SHA1: 236cbabb412841d1590df85ffcb0351784c02e5a
  • SHA256: 77e9a959e4b4a5de2035935ed13d17815f99be07bfbcf835e0483a6ad9509337
  • SHA512: c22585f7c2c6da42cb0382af1e4991ae8514f967481bbb12691fb659f244ae5a3fd48d51f99e449b0c88f27dfecd32a66d146470d95080fea67ac8adf4524a6c
  • SSDEEP: 3072:e47excGxFLPkH9SnbZDabWDLZKTOrvn7BWP:e+eGYtPk0Z+8Lhrvn4P

Score: 8/10

Targets

    • Target: GOLAYA-TOPLESS.exe
    • Size: 149KB
    • MD5: ff086d0d59b161c9b6c042e902323622
    • SHA1: a5533ae498366582e9b08cc28821ffd1e00f92a7
    • SHA256: abdc11a0da5cdc6e005a8fa09cf6398ec337cf7801cf5231e50e987345812ea3
    • SHA512: c779d69cad19597bf9a619d6f4599d7df4219d77e6144ee694c5076db56013e34781a691d93e6caac15a861b404bc1c15fdce8e70cb02b90ed7a0cc7015738a6
    • SSDEEP: 3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hieh/zn7BWR:AbXE9OiTGfhEClq9Mh/zn4R

    Score: 8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6